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Patent claims 
1. 

An arrangement in a mobil data communications terminal (103) for providing mobil IP 
communication via a dual tunnell IP packet data connection between a first application 
(121) in the mobil data communications terminal and a second application (101) in a 
second terminal in communication with an inner network (105), said inner network 
directly or via a firewall (104) connected with an outer network (107), wherein an outer 
mobil IP home agent (102) is arranged in the outer network or in a DMZ (106) 
associated with the firewall and an inner mobil IP home agent (130) is arranged in the 
inner netwotk, said arrangement comprising: 

a first mobil IP client part (116) configurable for association with the inner mobil IP 
home agent (130), said first mobil IP client part arranged to convey data between the 
first application and the second mobil IP client part and to an inner tunnell part (123) 
directed to the inner home agent, and 

a second mobil IP client part (115) configurable for association with the outer mobil IP 
home agent (102), said second mobil IP client part arranged to convey data between the 
first mobil IP client part and the outer network and to an outer tunnell part (124) 
directed to the outer home agent. 

2. 

Arrangement according to claim 1, wherein said second mobil IP client part further is 
configurable to also convey data between the first application and the outer network, 
and said arrangement further comprising a device which, if the terminal obtains access 
via the outer network, is arranged to provide a first connection between the first 
application and the first mobil IP client part, a second connection between the first 
mobil IP client part and the second mobil IP client part, and a third connection between 
the second mobil IP client part and the outer mobile IP home agent, and 
if the terminal obtains access via the inner network, is arranged to provide a fourth 
connection between the first application and the second mobil IP client part, and a fifth 
connection between the second mobil IP client part and the inner mobile IP home agent. 

3. 

Arrangement according to claim 1 or 2, wherein said first mobil IP client part (1 16) is 
controllable for activation or deactivation, and said arrangement further comprising a 
mobil IP detection device: 
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c. said mobil IP detection device adapted to activate the first mobil IP client part 
on detection of a connection to the inner network (105) and a successfull mobil 
IP registration with the inner home agent (130), and 

d. said mobil IP detection device adapted to activate the second mobil IP client part 
on detection of a connection to the outer network (107) and a successfull mobil 
IP registration with the outer home agent (130). 

4. 

Arrangement according to claim 1 or 2, wherein said first mobil IP client part (1 16) is 
controllable for activation and deactivation, and that the arrangement further comprises 
a mobil IP detection device arranged to activate the first mobil IP client part on 
detection of connection to the outer network (107) by means of at least one of a 
detection device selected from a group comprising: 

e. a first monitoring device arranged to determine the source IP address of an 
incoming packet and to determine that the address is outside an address range 
configured for the inner network (105), 

f. a second monitoring device arranged to analyze ICMP control messages and 
arranged to determine that an address associated with the ICMP control message 
is outside an address range configured for the inner network (105), 

g. a third monitoring device arranged to detect an outer home agent (102) on 
transmission of a registration message with improper security association, and 

h. a fourth monitoring device arranged to compare results from said first and 
second monitoring devices with collected history regarding MAC and IP 
addresses to Mobil IP Foreign Agents, Default gateways, and WLAN access 
points that indicate that the mobil terminal is operating in the outer network, and 

wherein at least one of said detection devices (a,b,c,d) is arranged to indicate that 
the mobil terminal (103) is connected to the outer network. 

5. 

Arrangement according to claim 1 or 2, wherein 

said first mobil IP client part (1 16) is controllable for deactivation, and 

said arrangement further comprising a mobil IP detection device arranged for 

deactivating the first mobil IP client part on detection of a connection to the outer 

network (107) by means of at least one of a detection device selected from: 

e. a first monitoring device arranged to determine the source IP address of an 

incoming packet and arranged for detecting that the address is inside an address 

range figured for the inner network (105), 
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f. a second monitoring device arranged to analyze ICMP controll messages and 
arranged to detect that an address associated with the ICMP controll message is 
inside an address range configured for the inner network (105), 

g. a third monitoring device arranged to detect an inner home agent (130) on 
transmission of a registration message with incorrect security association, and 

h. a fourth monitoring device arranged to detect inconsistances in results from the 
first, the second and the third monitoring devices and collected history regarding 
MAC and IP addresses to Mobil IP Foreign Agents, Default Gateways, and 
WLAN access points that indicate that the mobil terminal is operating in the 
inner network (105), and 

wherein at least one of said detection devices (a,b,c,d) is arranged to indicate that the 
mobil terminal (103) is connected to the inner network. 

6. 

Arrangement according to any one of the previous claims, wherein said arrangement 
further comprises, 

a third security client part interposed between the first and second mobil IP client parts 
and configurable for via a security arrangement arranged between said inner and outer 
networks establishing a secure connection with the inner network. 

7. 

A mobil IP terminal, wherein said mobil IP terminal comprises an arrangement 
according to any one of the previous claims. 

8. 

A computer program product comprising a data carrier having thereon a computer 
program code loadable and executable in a mobil IP data communications terminal, 
wherein said computer program code when loaded and executed in the mobil IP data 
communications terminal effects the establishment of an arrangement as recited in any 
one of claims 1 through 6. 

9. 

An information technology (IT) system for providing a packet data connection between 
a first application (121) operable in a mobil data communications terminal (103) and a 
second application (101) operable in a second terminal in an inner network (105) 
protected by a firewall (104), said system arranged for communication by means of 
mobil IP with a system comprising the inner network, an outer network (107) and an 
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outer home agent (102) arranged in the outer network or in a DMZ (106) associated 

with the firewall arranged between the inner and outer network, wherein: 

an inner home agent (130) is arranged in the inner network, and 

said inner home agent is configurable for association with a first mobil IP client part 

(116) operable in the mobil data communications terminal, and said outer home agent is 

configurable for association with a second mobil IP client part (115) operable in the 

mobil data communications terminal, 

said first mobil IP client part being arranged to convey data between said first 
application and said other mobil IP client part and to an inner tunnell part (123) directed 
to the inner home agent, and 

said second mobil IP client part being arranged to convey data between said first mobil 
IP client part and said outer network and to an outer tunnell part (124) directed to said 
outer home agent. 

10. 

A data communications system for providing a packet data connection between a first 
application operable in a mobil data communications terminal (103) and a second 
application (101) operable in a second terminal connected to an inner network (105) 
protected by a firewall (104), said system arranged for communication by means of 
mobil IP via a system comprising the inner network, an outer network (107) and an 
outer home agent (102) arranged in said outer network or in a DMZ (106) associated 
with the firewall (104) being arranged between the inner and outer networks, wherein: 
an inner home agent (130) is arranged in the inner network, and 
said mobil data communications terminal including: 

c. a first mobil IP client part (116) configurable for association with said inner 
mobil IP home agent (130), said first mobil IP client part arranged to convey 
data between said first application and said second mobil IP client part and to an 
inner tunnell part (123) directed to said inner home agent, and 

d. a second mobil IP client part (115) configurable for association with said outer 
mobil IP home agent (102), said second mobil IP client part being arranged to 
convey data between said first mobil IP client part and said outer network and to 
an outer tunnell part (124) directed to said outer home agent. 



